W3C home > Mailing lists > Public > public-xmlsec@w3.org > September 2010

RE: Namespace Injection in DSig 2.0

From: Scott Cantor <cantor.2@osu.edu>
Date: Fri, 3 Sep 2010 12:53:04 -0400
To: "'Meiko Jensen'" <Meiko.Jensen@ruhr-uni-bochum.de>
Cc: "'XMLSec WG Public List'" <public-xmlsec@w3.org>
Message-ID: <069301cb4b88$7a4356a0$6eca03e0$@osu.edu>
> thanks for enlightening me. In that case, we're still not having any
> progress in terms of fending namespace injection. I've reviewed the last
> communications we had on this, and I ended up with the impression that we
> had a tendency towards approaches #3 + #4 of my proposal in
> http://lists.w3.org/Archives/Public/public-xmlsec/2010May/0027.html ,
> however, I found no explicit resolution on this. Maybe we still have to
make
> a decision here?

I know if I were generating XPaths myself, I'd use #3 hands down. If we want
to try and fix it explicitly while allowing for prefixes, than some variant
of #4 is IMHO required.

Note that it's a bit recursive....you probably end up with some kind of
repeating element in #4 that identifies a QName that's in the XPath
expression, and then you probably reference *that* element as a QName-valued
element in the QNameAware option.

Did I mention QNames are a bad thing...?

-- Scott
Received on Friday, 3 September 2010 16:53:39 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 3 September 2010 16:53:40 GMT